Allow fstab-generator create unit file symlinks
type=PROCTITLE msg=audit(06/03/2024 15:41:59.006:210) : proctitle=/usr/lib/systemd/system-generators/systemd-fstab-generator /run/systemd/generator /run/systemd/generator.early /run/systemd/gene
type=PATH msg=audit(06/03/2024 15:41:59.006:210) : item=2 name=/run/systemd/generator/local-fs.target.requires/-.mount inode=1803 dev=00:19 mode=link,777 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:systemd_generic_generator_unit_file_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(06/03/2024 15:41:59.006:210) : item=1 name=../-.mount nametype=UNKNOWN cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(06/03/2024 15:41:59.006:210) : item=0 name=/run/systemd/generator/local-fs.target.requires/ inode=1797 dev=00:19 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:systemd_generic_generator_unit_file_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=SYSCALL msg=audit(06/03/2024 15:41:59.006:210) : arch=x86_64 syscall=symlink success=yes exit=0 a0=0x558a92f9c4d0 a1=0x558a92f9c330 a2=0x0 a3=0x0 items=3 ppid=3123 pid=3138 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-fstab-g exe=/usr/lib/systemd/system-generators/systemd-fstab-generator subj=system_u:system_r:systemd_fstab_generator_t:s0 key=(null)
type=AVC msg=audit(06/03/2024 15:41:59.006:210) : avc:  denied  { create } for  pid=3138 comm=systemd-fstab-g name=-.mount scontext=system_u:system_r:systemd_fstab_generator_t:s0 tcontext=system_u:object_r:systemd_generic_generator_unit_file_t:s0 tclass=lnk_file permissive=1
type=AVC msg=audit(06/03/2024 15:41:59.006:210) : avc:  denied  { add_name } for  pid=3138 comm=systemd-fstab-g name=-.mount scontext=system_u:system_r:systemd_fstab_generator_t:s0 tcontext=system_u:object_r:systemd_generic_generator_unit_file_t:s0 tclass=dir permissive=1
type=AVC msg=audit(06/03/2024 15:41:59.006:210) : avc:  denied  { write } for  pid=3138 comm=systemd-fstab-g name=local-fs.target.requires dev="tmpfs" ino=1797 scontext=system_u:system_r:systemd_fstab_generator_t:s0 tcontext=system_u:object_r:systemd_generic_generator_unit_file_t:s0 tclass=dir permissive=1
type=AVC msg=audit(06/03/2024 15:41:59.006:210) : avc:  denied  { search } for  pid=3138 comm=systemd-fstab-g name=local-fs.target.requires dev="tmpfs" ino=1797 scontext=system_u:system_r:systemd_fstab_generator_t:s0 tcontext=system_u:object_r:systemd_generic_generator_unit_file_t:s0 tclass=dir permissive=1
zpytela committed Jun 3, 2024
1 parent eb5635f commit 351a598
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions policy/modules/system/systemd.te
Expand Up @@ -1272,6 +1272,8 @@ init_read_state(systemd_cryptsetup_generator_t)
allow systemd_fstab_generator_t self:capability { dac_override dac_read_search };
allow systemd_fstab_generator_t self:process setfscreate;

create_lnk_files_pattern(systemd_fstab_generator_t, systemd_unit_file_type, systemd_unit_file_type)

dev_write_sysfs_dirs(systemd_fstab_generator_t)

files_read_all_mountpoint_symlinks(systemd_fstab_generator_t)
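Review bot: The added `create_lnk_files_pattern(systemd_fstab_generator_t, systemd_unit_file_type, systemd_unit_file_type)` line grants on the whole `systemd_unit_file_type` attribute, which is wider than the denials quoted in the commit message: every AVC there has `systemd_generic_generator_unit_file_t` as the target type, for both the directory and the link. This domain also holds `dac_override` (first context line of the hunk), so the type enforcement rule is what limits where the generator can add symlinks; with the attribute it presumably covers every type carrying it, not only the generator output directories. Unless other target types are known to be needed, I would narrow the rule to `create_lnk_files_pattern(systemd_fstab_generator_t, systemd_generic_generator_unit_file_t, systemd_generic_generator_unit_file_t)`. A short comment above it, such as `# fstab-generator links mount units into *.requires/ under /run/systemd/generator`, would record why the access exists.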
